<?php
include('pages/config.php');
//LOGIN VERIFICATION
//Check that user is calling the page from the login form and not accessing directly
//and direct back to login form if necessary

$myusername = $_POST['username'];
$password = md5($_POST['password']);

//echo $user . $password;

/*if ( $user == NULL OR $password == NULL)
{
	//header("Location: index.php");
	echo "username or password not set";
}
//check that the form fields are not empty
elseif ( $user == "" OR $password == "")
{
	//header("Location: index.php");
	echo "form field are empty";
}
else
{*/
	$result = mysql_query("SELECT * FROM users WHERE username='$myusername' AND password='$password'", $db);
	
	//check that at least one row was returned

	$rowCheck = mysql_num_rows($result);
	if ($rowCheck > 0)
	{
		while ($row = mysql_fetch_array($result))
		{
			//start the session and register a variable
			//session_start();
			$host_or_ip = $row['host_or_ip'];
			$access_level = $row['access_level'];
			session_register("myusername");
			session_register("host_or_ip");
			session_register("access_level");
			session_register("timeout_idle");		
	
			//TODO:  Set the session timeout to a large number to keep user logged in.  Make this a user configurable option.  Also create it so that user can only be logged in for a single session on a single machine, similar to facebook and google.  If user is logged in, the force them to log out if session time is exceeded.
			ini_set('session.gc_maxlifetime', 999999);

	
			//we will redirect the user to another page where we will make sure they're logged in
			//We will redirect the user to the main.php page
			header("Location: main.php");
			
			//successful login code goes here...
			//echo "Success!";

		}
	}
	else
	{
		//if nothing is returned by the query, unsuccessful login code goes here...
		//echo "Submit user: " . $user . " Submit Pass: " . $password . "<br>";
		header("Location: index.php");
	}
//}
mysql_close();
//END LOGIN VERIFICATION
?> 
